Versa Networks Addresses Zero-Day Vulnerability in Director Platform

August 26, 2024

Versa Networks has recently addressed a zero-day vulnerability in its Director platform which was being exploited in ongoing attacks. The flaw allowed attackers to upload malicious files by manipulating an unrestricted file upload issue in the Versa Director GUI.

Versa Director is a tool designed to assist managed service providers in streamlining the design, automation, and delivery of Secure Access Service Edge (SASE) services. It provides crucial management, monitoring, and orchestration for Versa SASE's networking and security functionalities.

The vulnerability, designated as CVE-2024-39717, was identified by Versa as a high-severity issue in the software's 'Change Favicon' feature. This flaw enabled threat actors with administrator privileges to upload malicious files disguised as PNG images. In a security advisory issued on Monday, Versa stated, 'This vulnerability allowed potentially malicious files to be uploaded by users with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges.'

Versa further explained that the customers affected were those who had not implemented system hardening and firewall guidelines, thus leaving a management port exposed on the internet that gave the threat actors initial access. The vulnerability only impacts customers who have not followed system hardening requirements and firewall guidelines, which have been available since 2017 and 2015 respectively.

On July 26, Versa alerted partners and customers to review firewall requirements for Versa components, and on August 9, they were informed about this zero-day vulnerability being exploited in attacks. According to Versa, the vulnerability was exploited by an 'Advanced Persistent Threat' (APT) actor in 'at least' one attack.

Versa has advised customers to implement hardening measures and update their Versa Director installations to the latest version to prevent potential attacks. Customers can also determine if the vulnerability has been exploited in their environments by inspecting the /var/versa/vnms/web/custom_logo/ folder for any suspicious files that may have been uploaded.

The Cybersecurity and Infrastructure Security Agency (CISA) added this zero-day to its Known Exploited Vulnerabilities (KEV) catalog last Friday. As per the binding operational directive (BOD 22-01) issued in November 2021, federal agencies are required to secure vulnerable Versa Director instances on their networks by September 13. CISA warned, 'These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.'

Versa Networks, a SASE vendor, provides services to thousands of customers with millions of users, including large enterprises such as Adobe, Samsung, Verizon, Virgin Media, Comcast Business, Orange Business, Capital One, Barclays, and over 120 service providers globally.

Latest News

• Chinese Hackers Leverage Zero-Day Cisco Switch Flaw for System Control
• SolarWinds Addresses Critical Vulnerability in Web Help Desk Software
• Google Addresses Ninth Exploited Chrome Zero-Day Vulnerability of 2024
• Styx Stealer's Creator Unmasked Due to Operational Security Error
• Critical Vulnerability in LiteSpeed Cache WordPress Plugin Threatens Millions of Websites